Diffstat (limited to 'doc/man3/SSL_CTX_load_verify_locations.pod')
-rw-r--r-- | doc/man3/SSL_CTX_load_verify_locations.pod | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index 7408a2080d..da64738700 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -33,6 +33,9 @@ locations for B<ctx>, at which CA certificates for verification purposes are located. The certificates available via B<CAfile>, B<CApath> and B<CAstore> are trusted. +Details of the certificate verification and chain checking process are +described in L<openssl-verification-options(1)/Certification Path Validation>. + SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, one default file and one default store. @@ -85,14 +88,10 @@ The certificates in B<CApath> are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate. -When looking up CA certificates, the OpenSSL library will first search the -certificates in B<CAfile>, then those in B<CApath>. Certificate matching -is done based on the subject name, the key identifier (if present), and the -serial number as taken from the certificate to be verified. If these data -do not match, the next certificate will be tried. If a first certificate -matching the parameters is found, the verification process will be performed; -no other certificates for the same parameters will be searched in case of -failure. +When looking up CA certificates for chain building, the OpenSSL library +will search for suitable certificates first in B<CAfile>, then in B<CApath>. +Details of the chain building process are described in +L<openssl-verification-options(1)/Certification Path Building>. If B<CAstore> is not NULL, it's a URI for to a store, which may represent a single container or a whole catalogue of containers. |
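Review bot: In the first hunk (@@ -33,6 +33,9), the added sentence describes a "certificate verification and chain checking process", but the section it links to is titled "Certification Path Validation" and the second hunk speaks of "chain building". Consider using the linked section's own terms here, for example "Details of certification path validation are described in ...", so a reader can tell the two cross-references to openssl-verification-options(1) apart and knows which one covers trust in the B<CAfile>, B<CApath> and B<CAstore> certificates mentioned just above.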
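Review bot: In the second hunk (@@ -85,14 +88,10), the replacement keeps the B<CAfile>-then-B<CApath> search order but drops the only statement on this page of what happens after a first match fails ("no other certificates for the same parameters will be searched in case of failure"), together with the matching criteria (subject name, key identifier, serial number). Applications that populate both B<CAfile> and B<CApath> use that behaviour to reason about which CA certificate ends up in the chain, so please confirm that the linked "Certification Path Building" section states whether further candidates are tried, or keep a one-sentence summary here. While this paragraph is being touched, the trailing context line "it's a URI for to a store" has a stray word that could be fixed in the same patch.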